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DETAILED ACTION 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, 
subject to the conditions and requirements of this title. 

1. Claim 12 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. , 

Referring to claim 12: 

Claim 12 recites "A program product capable of being read by a computer 
for supporting creation of a security specification in respect of an information network 
system, which comprises: a definition information acceptance program that accepts 
definition information of respective components constituting the information network 
system from the user; a security specification selection program that looks up reusable 
examples from a security specification example database in which existing security 
specifications are registered as examples based on definition information of the 
component accepted by the definition information acceptance program in respect of the 
respective components; and a security specification draft creation program that creates 
a composite security specification draft in respect of an information network system by 
entering the details of respective examples found by the security specification selection 
unit in a prescribed form of security specification and accepts revisions of the draft from 
the user." A computer program is merely a set of instructions capable of being 
executed by a computer, so the computer program itself is not a process. Therefore, a 
claim for a computer program, without the computer-readable medium needed to realize 
the computer program functionality, is treated as nonstatutory functional descriptive 
material. Therefore, claim 12 recites non-statutory subject matter. 
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Claim Objections 

2. Claim 12 objected to because of the following informalities: 

"the security specification selection unit" is referred to, but not defined in the 

claim. 

Appropriate correction is required. 



Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

4 Claims 1-13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Cheng (U.S. Patent No. 5,487,132) in view of Sadiq (U.S. Pub. No. 2004/0148183 
A1). 

Referring to claim 1 : 

i. Cheng teaches: 
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A security specification creation support device that supports 
creation of a security specification in respect of an information network system, 
comprising: 

a security specification example database in which existing security 
specifications are registered as examples (see figure 1, element 14 'knowledge base'; 
and column 2, lines 41-51 of Cheng); 

a definition information acceptance unit that accepts the definition 
information of respective components constituting the information network system from 
a user (see figure 10, element 29 'security model specifier'; and column 11, lines 52-64 
of Cheng); 

a security specification selection unit that looks up reusable 
examples from the security specification example database based on definition 
information of the component accepted by the definition information acceptance unit in 
respect of the respective components (see figure 1, element 15 'information scout'; and 
column 2, lines 52-63 of Cheng); and 

a security specification draft creation unit that creates a composite 
security specification draft in respect of an information network system by entering the 
details of respective examples found by the security specification selection unit in a 
prescribed form of security specification and accepts revisions of the draft from the user 
(see figure 1, element 18 'program generator'; and column 2, lines 64-67 of Cheng). 

Cheng discloses the security model specifier and the security 
model specification (see figure 10, element 29; column 11, lines 63-64 of Cheng). 
However, Cheng does not specifically mention the security specification. 

ii. Sadiq teaches a method for customizing infrastructure services for 
use in network services, wherein Sadiq discloses the security specification (see page 5, 
paragraph [0074], lines 4-7 of Sadiq). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Sadiq into the method of 
Cheng to apply the security specification. 
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iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Sadiq into the system of Cheng to apply the security 
specification, because Cheng's, system utilizes the security model specifier and the 
security model specification (see figure 10, element 29; column 11, lines 63-64 of 
Cheng), therefore Sadiq's teaching of security specification would enhance Cheng's 
system. 

Referring to claim 2 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose when at least one reusable 
example is detected from the security specification example database in respect of the 
respective components, allows a user to select an example for re-use (see column 2, 
lines 41-67 of Cheng); and when no reusable example detected from the example 
database, accepting from the user a specification draft of the components (see column 
11, lines 26-30 of Cheng). 

Referring to claim 3 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose that details of the security 
specification drafts of the respective components can be identified (see column 2, lines 
60-63 of Cheng). 

Referring to claim 4 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose dividing the information 
network system into operational environment units, such as domain, hosts [i.e., 'units'], 
and infrastructure services [i.e., 'subsystems'], etc. (see figure 5 of Sadiq). 

Referring to claim 5 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose the prescribed form of 
security specification (see abstract, lines 1-3 'a system of property sheets', of Sadiq). 

Referring to claim 6 : 
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Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose the registering (see page 2, 
paragraph [0018], lines 9-11 of Sadiq). 
Referring to claim 7 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose the configuration (see page 

I, paragraph [0003] of Sadiq). 

Referring to claims 8-10 : 

Change and Sadiq disclose the claimed subject matter: a security 
specification creation support device. They further disclose the tree structure and layer 
relationship (see figure 5; and page 8, paragraph [01 13] of Sadiq). 
Referring to claim 12 : 

i. Cheng teaches: 

A program product capable of being read by a computer for 
supporting creation of a security specification in respect of an information network 
system, which comprises: 

a definition information acceptance program that accepts the 
definition information of respective components constituting the information network 
system from the user (see figure 10, element 29 'security model specifier'; and column 

II, lines 52-64 of Cheng); 

a security specification selection program that looks up reusable 
examples from a security specification example database in which existing security 
specifications are registered as examples based on definition information of the 
component accepted by the definition information acceptance unit in respect of the 
respective components (see figure 1, element 15 'information scout'; and column 2, 
lines 52-63 of Cheng); and 

a security specification draft creation program that creates a 
composite security specification draft in respect of an information network system by 
entering the details of respective examples found by the security specification selection 
unit in a prescribed form of security specification and accepts revisions of the draft from 
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the user (see figure 1, element 18 'program generator'; and column 2, lines 64-67 of 
Cheng). 

Cheng discloses the security model specifier and the security 
model specification (see figure .10, element 29; column 11, lines 63-64 of Cheng). 
However, Cheng does not specifically mention the security specification. 

ii. Sadiq teaches a method for customizing infrastructure services for 
use in network services, wherein Sadiq discloses the security specification (see page 5, 
paragraph [0074], lines 4-7 of Sadiq). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Sadiq into the method of 
Cheng to apply the security specification. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Sadiq into the system of Cheng to apply the security 
specification, because Cheng's system utilizes the security model specifier and the 
security model specification (see figure 10, element 29; column 11, lines 63-64 of 
Cheng), therefore Sadiq's teaching of security specification would enhance Cheng's 
system. 

Referring to claim 13 : 

i. Cheng teaches: 

A security specification creation support method that supports 
creation of a security specification in respect of an information network system using a 
computer in which a security specification example database in which existing security 
specifications are registered as examples is stored in a storage device of the computer 
or another computer connected with the aforesaid computer through a network, and the 
computing device of the computer performs operations comprising: 

Accepting from the user definition information of respective 
components constituting the information network system (see figure 10, element 29 
'security model specifier'; and column 11, lines 52-64 of Cheng); 

selecting a security specification by looking up reusable examples 
from the security specification example database based on definition information of the 
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component in respect of the respective components (see figure 1, element 15 
'information scout'; and column 2, lines 52-63 of Cheng); and 

creating a composite security specification draft in respect of the 
information network system by entering the detains of respective examples found by 
the security specification selection step in a prescribed form of security specification and 
accepting revisions of the draft in question are accepted from the user (see figure 1, 
element 18 'program generator'; and column 2, lines 64-67 of Cheng). 

Cheng discloses the security model specifier and the security 
model specification (see figure 10, element 29; column 11, lines 63-64 of Cheng). 
However, Cheng does not specifically mention the security specification. 

ii. Sadiq teaches a method for customizing infrastructure services for 
use in network services, wherein Sadiq discloses the security specification (see page 5, 
paragraph [0074], lines 4-7 of Sadiq). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Sadiq into the method of 
Cheng to apply the security specification. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Sadiq into the system of Cheng to apply the security 
specification, because Cheng's system utilizes the security model specifier and the 
security model specification (see figure 10, element 29; column 11, lines 63-64 of 
Cheng), therefore Sadiq's teaching of security specification would enhance Cheng's 
system. 



Conclusion 



5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Joseph Pan whose telephone number is 571-272- 
5987. . 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



Joseph Pan 
January 30, 2007 



